X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=etc%2Fopenssl%2Fservice%2Fimap.cfg;fp=etc%2Fopenssl%2Fservice%2Fimap.cfg;h=0109e227dd873526e9942e2821044b4ecc0a709a;hb=5b3f6649997abf4786ec2b1292abf712d4358567;hp=0000000000000000000000000000000000000000;hpb=d501326a3e710da0ea34928b4a44d13103c0106a;p=lhc%2Fateliers.git
diff --git a/etc/openssl/service/imap.cfg b/etc/openssl/service/imap.cfg
new file mode 100644
index 0000000..0109e22
--- /dev/null
+++ b/etc/openssl/service/imap.cfg
@@ -0,0 +1,71 @@
+ SERVICE = imap
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = service_distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = service_extension
+ #attributes = req_attributes
+[ service_distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service IMAP
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ service_extensions ]
+ basicConstraints = critical,CA:FALSE
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/tls/$SERVICE/crl.pem
+ certificatePolicies = @service_certificate_policies
+[ service_self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/tls/$SERVICE/crl.self-signed.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::USER@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/$SERVICE/crt.pem
+[ service_certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/tls/cps
+[ service_ca ]
+ private_key = $HOME/var/sec/x509/service/$SERVICE/key.pem
+ dir = $HOME/var/pub/x509/service/$SERVICE
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ service_self_signed_ca ]
+ private_key = $HOME/var/sec/x509/service/$SERVICE/key.pem
+ dir = $HOME/var/pub/x509/service/$SERVICE
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
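Review bot: In `[ user_extensions ]`, `basicConstraints = critical,CA:FALSE,pathlen:0` puts a path length on a non-CA certificate, which RFC 5280 forbids (pathLenConstraint is only allowed when cA is true) and which strict validators may reject; it should read `basicConstraints = critical,CA:FALSE`, as `[ service_extensions ]` already does. None of the three extension sections sets `extendedKeyUsage`, so the issued certificates are not restricted to a purpose; consider `extendedKeyUsage = serverAuth` in the two service sections. `[ service_self_signed_extensions ]` combines `keyCertSign` with the TLS usages on one key, and both CA sections point at the same `key.pem`, so the key presumably deployed on the IMAP host can also sign end-entity certificates; a header comment stating that trade-off would help the next operator. The commented-out `#req_extensions = service_extension` names a section that does not exist (the section is `service_extensions`), so it will fail if someone uncomments it as is.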